Details

Security

(public)

User Story

This is majorly to help create a Dashboard (currently focusing Indian Developers, although, scalable) which will then fetch user details using the mozillians APIs and gather other information around them. See http://sankhs.com/mozdashboard/ for starters. Everything else is done, just an exhaustive list of users/devs is to be built up. This is where this api key will help.

I forgot the usage details. I am planning to do one call per day from a cron job running at my server. The call will most probably be to get details of all the x country users on mozillians.org. As said above, x is most likely to be India in the beginning.

Hi Girish, thank you for your request. If I understand correctly, you would like to retrieve profile information for all x users on mozillians.org who live in a specific country.
Using the API to retrieve users based on a search term is only available to apps that are managed on Mozilla infrastructure (called Mozilla apps) [1]. The API provides simpler access for Community apps that allow you to verify if a specific email address belongs to a vouched Mozillian.
In order to use the API as you intend, I think there are two possibilities: 1) we could host your app on Mozilla infrastructure, possibly by the Community IT team. 2) We can adjust our API for Community apps depending on what exact data you want to retrieve about individual users.
Can you please explain what profile data you want to retrieve? For example: name, city, skills, groups.
[1] https://wiki.mozilla.org/Mozillians/API-Specification/List_Users/

I mainly am interested in email and name. It would be awesome if the API could just spit out those, but its not a high priority requirement.
As for the hosting of the app on mozilla infrastructure, so this dashboard is now a part of the mozillaindia.org [0] and the cron jobs are also planned to be hosted on mozillaindia.org (which is on mozilla infrastructure) only. So I think it fulfills your requirement.
[0] http://devs.mozillaindia.org/leaderboard/

(In reply to Girish Sharma [:Optimizer] from comment #4)
> As for the hosting of the app on mozilla infrastructure, so this dashboard
> is now a part of the mozillaindia.org [0] and the cron jobs are also planned
> to be hosted on mozillaindia.org (which is on mozilla infrastructure) only.
>
> [0] http://devs.mozillaindia.org/leaderboard/
Just a little nit-pick - it's a Community IT hosted/supported domain, to be more specific. Mozilla InfraOps are directly behind this, backing it up - but I'm not sure if there're any specific/extra qualifiers (like SSL, security-verification etc.) for what you mean by Mozilla-Infra.
Eitherway, if *.mozillaindia.org can be whitelisted for queries to Mozillians API that'd be great. The domain ownership is now with Mozilla IT already, and I'm the main sysop of the server - if you need my input for anything at mozilla-india serverside.

:Optimizer, apologies for the delay. I think this is a fantastic use of the API, and I will approve your request as long as the privacy requirement below is met.
(In reply to Soumya Deb [:Debloper] from comment #5)
> Just a little nit-pick - it's a Community IT hosted/supported domain, to be
> more specific. Mozilla InfraOps are directly behind this, backing it up -
> but I'm not sure if there're any specific/extra qualifiers (like SSL,
> security-verification etc.) for what you mean by Mozilla-Infra.
There is an extra qualifier for privacy, since mozillians.org account names and email addresses should not all be displayed publicly (most Mozillians have not made this information public on mozillians.org). I think a good short-term solution is to only use the API if the user on your site has signed into Persona and has a vouched account on mozillians.org, which can be confirmed using the API. Here's how it would work out:
*As a signed-in vouched Mozillian, I can view names and email addresses retrieved from the mozillians.org API.
* As a public user (not signed in as a vouched Mozillian), I cannot view names and email addresses retrieved from the mozillians.org API.
The simplest implementation of this site is to only make the leaderboard visible to signed-in Mozillians.
> Eitherway, if *.mozillaindia.org can be whitelisted for queries to
> Mozillians API that'd be great. The domain ownership is now with Mozilla IT
> already, and I'm the main sysop of the server - if you need my input for
> anything at mozilla-india serverside.
We don't offer whitelisting support, so please make API requests for any other apps on your domain where you want to use the mozillians.org API.
Please let me know how you plan to handle the privacy requirement. Thanks!

Hi William, no issues with the delay part. I know you have been traveling. Please see my answer below.
> There is an extra qualifier for privacy, since mozillians.org account names
> and email addresses should not all be displayed publicly (most Mozillians
> have not made this information public on mozillians.org). I think a good
> short-term solution is to only use the API if the user on your site has
> signed into Persona and has a vouched account on mozillians.org, which can
> be confirmed using the API. Here's how it would work out:
>
> *As a signed-in vouched Mozillian, I can view names and email addresses
> retrieved from the mozillians.org API.
> * As a public user (not signed in as a vouched Mozillian), I cannot view
> names and email addresses retrieved from the mozillians.org API.
>
> The simplest implementation of this site is to only make the leaderboard
> visible to signed-in Mozillians.
I would like to keep the persona sign in required option as our last option. What if we still keep the leaderboard open and do not expose any email addresses and real names ?
What I mean to say is that the server will make a call, hold all user info retrieved from API locally in a variable. Use the information (email id mainly) to get details like github id, commits, bugzilla numbers etc. and then we only save the github id, or IRC nick (recieved from the API) or bugzilla user name in the final file (along with other stats, ofcourse) ?
Will the above mentioned solution address the pricacy concerns ?

William, it's a valid privacy issue if we display the user's details from Mozillians.
However, we're not gonna do that. Rather, as :Optimizer says, we'll just use their email IDs to warehouse their (public) data of developer contributions.
And for the ones, who've made the emails public on Mozillians (or GitHub (or somewhere else)), I don't think it will hurt the privacy policy of Phonebook to expose their email IDs.
Is that okay?

Approved based on the comment 10 and comment 11. Please be sure to not display names and email addresses publicly that you retrieve through the Mozillians API.
Also, if you add a Persona signin, you can show any information from the Mozillians API to users who are signed in and are vouched Mozillians.
I have emailed your API key and instructions. Thanks for your patience - I realize it took a few weeks to approve your request.
It would be great to see this shown at the Summit - please share a link when it is live :)